CVE-2018-13282
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter. Date published : 2018-10-31 https://www.synology.com/en-global/support/security/Synology_SA_18_37